log tweak

Richard Hubbard hubbardr at adelphia.net
Mon Aug 1 05:12:25 EDT 2005


The very general rule is that syslog only logs what it is told to. So, 
depending on what you are using for your firewall, that is the program 
configuration to change.

For example, if you are using shorewall (highly recommended, basically a 
fairly complete front end for iptables, only understandable by humans), 
there is a file 'shorewall.conf' which primarily configures logging:
http://shorewall.sourceforge.net/
(click on Documentation, then on Configuration File Reference Manual, 
then on shorewall.conf)
This has several configuration lines which allow you to set the log 
level for lots of different events.
Other firewalls should be similar.

Cyber Source wrote:

> Ok, I know I posted about this a long time ago but it never got off 
> the ground, at least on my end. Here is what I want to accomplish and 
> the most helpful reply would be an example, I can figure out the 
> options from there;
>
> I want to get more control of my syslog. I read the man pages on it 
> and see that it uses "facilities" of which are the results of 
> different functions, processes, whatever. Here is my problem, whenever 
> I set up a system with a firewall, ALL the results of EVERY packet are 
> sent to /var/log/messages. This totally clogs up and ruins the purpose 
> of this general log file. So,
>
> 1. How can I filter a firewall's log post to go to another file?
> 2. What facility would the firewall be using to post to the file, 
> kernel?, and how do you know which facility it's using?
> 3. Once you find what file determines what facility, can it be changed?
> 4. Can you add a facility to be used for a custom setting you might want?
>
> TIA!
>
>
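
An added example, not part of the original thread and not taken from the Shorewall documentation: one way to apply the advice above on a classic sysklogd setup is to have the firewall log at a priority the general log does not select, then route that priority to its own file. The file name /var/log/firewall, the "FW " prefix and the baseline /var/log/messages line are assumptions.

```conf
# Added example. /var/log/firewall, the "FW " prefix and the baseline
# /var/log/messages selector are assumptions, not values from the thread.

# --- Firewall side: pick the syslog priority packets are logged at ---
# Shorewall: the LOG LEVEL column of /etc/shorewall/policy, for example
#   net   all   DROP   debug
# Plain iptables equivalent. The LOG target writes through the kernel log,
# so the messages arrive in syslog with facility "kern":
#   iptables -A INPUT -j LOG --log-level debug --log-prefix "FW "

# --- /etc/syslog.conf, before ---
# Packets logged at info (or higher) match *.info and flood the general log:
#   *.info;mail.none;authpriv.none;cron.none    /var/log/messages

# --- /etc/syslog.conf, after ---
# "=" selects exactly one priority, so kern.debug gets a file of its own.
# The leading "-" tells syslogd not to sync the file after every line.
kern.=debug                                     -/var/log/firewall

# "*.info" means info and above; debug is below info, so packet logs at
# kern.debug never reach the general log and this line stays unchanged.
*.info;mail.none;authpriv.none;cron.none        /var/log/messages
```

syslogd rereads syslog.conf on SIGHUP. Any other kernel message logged at debug priority lands in the same file, since the selector matches on facility and priority only.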



